<?php
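session_start();

// Logout: drop every key that a successful login sets, so neither identity
// nor privilege data (logintype, userlevel) outlives the logout.
// NOTE(review): logout is a state change reachable by GET, which leaves it
// open to cross-site request forgery; prefer a POST carrying a CSRF token.
if (isset($_GET['action']) && $_GET['action'] === "logout") {
    unset($_SESSION['userid']);
    unset($_SESSION['username']);
    unset($_SESSION['logintype']);
    unset($_SESSION['userlevel']);
    header('location:index.php');
    exit;
}

// Login: only POST requests may submit credentials.
if ($_SERVER['REQUEST_METHOD'] != "POST") {
    exit('非法访问!');
}

// Database connection file.
include('system/db/conn.php');

// Accept only string fields; a missing field or an array (username[]=x)
// is treated as a failed login instead of being passed on.
$rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

$username = '';
$result = false;

if ($rawUsername !== null && $rawPassword !== null) {
    // NOTE(review): the lookup has always compared the HTML-encoded name with
    // user_name, so accounts are presumably stored encoded; kept so existing
    // rows still match - confirm against the registration code.
    $username = htmlspecialchars($rawUsername);

    // NOTE(review): unsalted MD5 is not a password hash (fast to brute-force,
    // identical passwords share a digest). Kept only because user_pwd holds
    // MD5 values; migrate to password_hash()/password_verify() with a
    // rehash-on-login step.
    $password = MD5($rawPassword);

    // htmlspecialchars() is HTML output encoding, not SQL escaping: with its
    // default flags on the PHP versions that ship mysql_* it leaves single
    // quotes untouched, so the value must be escaped for the SQL string
    // context before it is interpolated.
    // NOTE(review): mysql_real_escape_string() is only reliable when conn.php
    // sets the connection charset with mysql_set_charset() - confirm.
    // Prepared statements (mysqli/PDO) are the durable fix.
    $usernameSql = mysql_real_escape_string($username);
    $passwordSql = mysql_real_escape_string($password);

    // Check whether the user name and password match a row.
    $check_query = mysql_query(
        "select id,level_id from do_user where user_name='$usernameSql' and user_pwd='$passwordSql' limit 1"
    );

    // A failed query returns false; treat it as a failed login rather than
    // handing false to mysql_fetch_array().
    if ($check_query !== false) {
        $result = mysql_fetch_array($check_query);
    }
}

if ($result) {
    // Login succeeded. Issue a fresh session id before storing identity so a
    // session id known before authentication cannot be reused afterwards
    // (session fixation).
    session_regenerate_id(true);

    $_SESSION['username'] = $username;
    $_SESSION['userid'] = $result['id'];
    $_SESSION['logintype'] = "userlog";
    $_SESSION['userlevel'] = $result['level_id'];
    unset($_SESSION['yesorno']);

    // The landing page name comes from the client, so restrict it to a bare
    // script name: no scheme, host, slash, dot or CR/LF can reach the Location
    // header. Anything else falls back to member.php, which the original
    // comment on this redirect names as the intended target.
    // NOTE(review): replace the pattern with an explicit allow-list once the
    // set of valid landing pages is known.
    $target = 'member';
    if (isset($_POST['headeraction']) && is_string($_POST['headeraction'])
        && preg_match('/\A[A-Za-z0-9_-]+\z/', $_POST['headeraction'])) {
        $target = $_POST['headeraction'];
    }

    if ($target == "sub1") {
        $supplierId = (isset($_POST['sub1supplierid']) && is_string($_POST['sub1supplierid']))
            ? $_POST['sub1supplierid'] : '';
        // urlencode() keeps the value inside the query parameter.
        header('location:sub1.php?supplierid=' . urlencode($supplierId));
        exit;
    }

    if ($target == "sub") {
        $supplierName = (isset($_POST['subSubname']) && is_string($_POST['subSubname']))
            ? $_POST['subSubname'] : '';
        header('location:sub.php?suppliername=' . urlencode($supplierName));
        exit;
    }

    header('location:' . $target . '.php');
    exit;
}

// Login failed: set the flag stored under 'yesorno' and return to the login page.
$_SESSION['yesorno'] = "yes";
header('location:index.php');
exit;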
?>